[Kimchi-devel] [PATCH] Initial prototype, make nginx proxy optional.

Julien Goodwin jgoodwin at studio442.com.au
Wed Feb 4 01:21:31 UTC 2015


Also includes an example apache config.

Implements Issue #570

Signed-off-by: Julien Goodwin <jgoodwin at studio442.com.au>
---
 docs/Makefile.am        |  1 +
 docs/apache.conf.ex     | 35 +++++++++++++++++++++++++++++++++++
 src/kimchi.conf.in      |  3 +++
 src/kimchi/config.py.in |  1 +
 src/kimchi/proxy.py     |  6 ++++++
 5 files changed, 46 insertions(+)
 create mode 100644 docs/apache.conf.ex

diff --git a/docs/Makefile.am b/docs/Makefile.am
index 679aa18..eb8b396 100644
--- a/docs/Makefile.am
+++ b/docs/Makefile.am
@@ -20,6 +20,7 @@
 docdir = $(datadir)/kimchi/doc
 
 dist_doc_DATA = \
+        apache.conf.ex \
 	API.md \
 	README.md \
 	README-federation.md \
diff --git a/docs/apache.conf.ex b/docs/apache.conf.ex
new file mode 100644
index 0000000..cd26907
--- /dev/null
+++ b/docs/apache.conf.ex
@@ -0,0 +1,35 @@
+# Although not a supported configuration you can use apache to proxy kimchi traffic.
+# Here is an example of the required configuration.
+# This requires the following apache modules be enabled:
+# - mod_proxy
+# - mod_proxy_http
+# - mod_ssl
+# The port 80 redirect also requires mod_redirect
+# HTTP STS (Strict Transport Security) also requires mod_headers
+<VirtualHost *:443>
+        ServerName kimchi
+
+        SSLEngine On
+        SSLCertificateFile /etc/kimchi/kimchi-cert.pem
+        SSLCertificateKeyFile /etc/kimchi/kimchi-key.pem
+
+        ProxyRequests On
+        ProxyPass / http://127.0.0.1:8010/
+        ProxyPassReverse / http://127.0.0.1:8010/
+
+        <Proxy http://127.0.0.1:8010/>
+                Require all granted
+        </Proxy>
+
+        # HTTP STS
+        Header always set Strict-Transport-Security "max-age=31536000; includeSubdomains;"
+</VirtualHost>
+
+<VirtualHost *:80>
+        ServerName kimchi
+
+        Redirect / https://kimchi/
+
+        # HTTP STS
+        Header always set Strict-Transport-Security "max-age=31536000; includeSubdomains;"
+</VirtualHost>
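Review bot: `ProxyRequests On` in the :443 vhost enables Apache's forward-proxy mode, which a reverse proxy built from `ProxyPass`/`ProxyPassReverse` does not need. The Apache documentation warns against turning it on for a server that has not been locked down, so the example should ship `ProxyRequests Off`. The header comment also names `mod_redirect`, but the `Redirect` directive is provided by mod_alias. The `Strict-Transport-Security` header in the :80 vhost has no effect, since browsers ignore HSTS received over plain HTTP, and can be dropped there.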
diff --git a/src/kimchi.conf.in b/src/kimchi.conf.in
index 9f62ac0..e9e8628 100644
--- a/src/kimchi.conf.in
+++ b/src/kimchi.conf.in
@@ -3,6 +3,9 @@
 #
 
 [server]
+# Start the proxy service?
+#run_proxy = on
+
 # Hostname or IP address to listen on
 #host = 0.0.0.0
 
diff --git a/src/kimchi/config.py.in b/src/kimchi/config.py.in
index f2e1cac..41c5c89 100644
--- a/src/kimchi/config.py.in
+++ b/src/kimchi/config.py.in
@@ -287,6 +287,7 @@ class PluginConfig(dict):
 def _get_config():
     config = SafeConfigParser()
     config.add_section("server")
+    config.set("server", "run_proxy", "on")
     config.set("server", "host", "0.0.0.0")
     config.set("server", "port", "8000")
     config.set("server", "ssl_port", "8001")
diff --git a/src/kimchi/proxy.py b/src/kimchi/proxy.py
index fafa5bc..72497fe 100644
--- a/src/kimchi/proxy.py
+++ b/src/kimchi/proxy.py
@@ -88,6 +88,9 @@ def _create_proxy_config(options):
 
 def start_proxy(options):
     """Start nginx reverse proxy."""
+    if options.run_proxy == 'off':
+        return
+
     _create_proxy_config(options)
     config_dir = paths.conf_dir
     config_file = "%s/nginx_kimchi.conf" % config_dir
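Review bot: The guard added to start_proxy matches only the exact string `'off'`, so `Off`, `false`, `no` or `0` in kimchi.conf would still start nginx; the identical guard added to terminate_proxy has the same problem. Normalising the value, e.g. `if str(options.run_proxy).lower() in ('off', 'false', 'no', '0'): return`, and listing the accepted values next to `#run_proxy = on` in kimchi.conf.in would make the switch predictable. Nothing in this patch shows where `run_proxy` is copied from the parsed config onto `options`, so confirm the attribute exists on every path that calls start_proxy. The docstring should say the function is a no-op when the proxy is disabled; the function body continues outside the hunk.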
@@ -97,5 +100,8 @@ def start_proxy(options):
 
 def terminate_proxy():
     """Stop nginx process."""
+    if options.run_proxy == 'off':
+        return
+
     term_proxy_cmd = ['nginx', '-s', 'stop']
     subprocess.call(term_proxy_cmd)
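Review bot: `terminate_proxy()` takes no parameters, yet the added guard reads `options.run_proxy`. Unless proxy.py defines a module-level `options` (not visible in this hunk), the call raises NameError before `nginx -s stop` runs, so a running nginx would be left behind at shutdown. Either pass the options in, `def terminate_proxy(options):`, and update the callers, or read the setting from the parsed configuration inside the function.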
-- 
2.1.4



